spatial operations must be KILL-able
Bug #809849 reported by
Philip Stoev
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| MariaDB |
Fix Released
|
Undecided
|
Alexey Botchkov | ||
Bug Description
Spatial operations can be very CPU intensive, and they are not killable using KILL if they do not use any table rows. This causes the following problems:
- The RQG can not terminate randomly-generated spatial expressions that take too long to calculate, causing the test to block until the expression is calculated;
- It is possible to DoS a server using a spatial expression. No table or update rights are required -- just the ability to connect to the server are required;
- trying to work around the limitations of SQL and the OpenGIS model via application-side logic or CONCAT tricks may produce a query that does not use any tables and is thus unkillable.
Related branches
| Changed in maria: | |
| milestone: | none → 5.3 |
| assignee: | nobody → Alexey Botchkov (holyfoot) |
| Changed in maria: | |
| milestone: | 5.3 → none |
| Changed in maria: | |
| milestone: | none → 5.3 |
| Changed in maria: | |
| status: | New → Fix Committed |
| Changed in maria: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
